Pete Bentley | a5c947b | 2019-08-09 14:24:27 +0000 | [diff] [blame^] | 1 | /* Copyright (c) 2019, Google Inc. |
| 2 | * |
| 3 | * Permission to use, copy, modify, and/or distribute this software for any |
| 4 | * purpose with or without fee is hereby granted, provided that the above |
| 5 | * copyright notice and this permission notice appear in all copies. |
| 6 | * |
| 7 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| 8 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| 9 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
| 10 | * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| 11 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION |
| 12 | * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN |
| 13 | * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ |
| 14 | |
| 15 | #include <stdint.h> |
| 16 | #include <string.h> |
| 17 | |
| 18 | #include <openssl/siphash.h> |
| 19 | |
| 20 | |
| 21 | static void siphash_round(uint64_t v[4]) { |
| 22 | v[0] += v[1]; |
| 23 | v[2] += v[3]; |
| 24 | v[1] = (v[1] << 13) | (v[1] >> (64 - 13)); |
| 25 | v[3] = (v[3] << 16) | (v[3] >> (64 - 16)); |
| 26 | v[1] ^= v[0]; |
| 27 | v[3] ^= v[2]; |
| 28 | v[0] = (v[0] << 32) | (v[0] >> 32); |
| 29 | v[2] += v[1]; |
| 30 | v[0] += v[3]; |
| 31 | v[1] = (v[1] << 17) | (v[1] >> (64 - 17)); |
| 32 | v[3] = (v[3] << 21) | (v[3] >> (64 - 21)); |
| 33 | v[1] ^= v[2]; |
| 34 | v[3] ^= v[0]; |
| 35 | v[2] = (v[2] << 32) | (v[2] >> 32); |
| 36 | } |
| 37 | |
| 38 | uint64_t SIPHASH_24(const uint64_t key[2], const uint8_t *input, |
| 39 | size_t input_len) { |
| 40 | const size_t orig_input_len = input_len; |
| 41 | |
| 42 | uint64_t v[4]; |
| 43 | v[0] = key[0] ^ UINT64_C(0x736f6d6570736575); |
| 44 | v[1] = key[1] ^ UINT64_C(0x646f72616e646f6d); |
| 45 | v[2] = key[0] ^ UINT64_C(0x6c7967656e657261); |
| 46 | v[3] = key[1] ^ UINT64_C(0x7465646279746573); |
| 47 | |
| 48 | while (input_len >= sizeof(uint64_t)) { |
| 49 | uint64_t m; |
| 50 | memcpy(&m, input, sizeof(m)); |
| 51 | v[3] ^= m; |
| 52 | siphash_round(v); |
| 53 | siphash_round(v); |
| 54 | v[0] ^= m; |
| 55 | |
| 56 | input += sizeof(uint64_t); |
| 57 | input_len -= sizeof(uint64_t); |
| 58 | } |
| 59 | |
| 60 | union { |
| 61 | uint8_t bytes[8]; |
| 62 | uint64_t word; |
| 63 | } last_block; |
| 64 | last_block.word = 0; |
| 65 | memcpy(last_block.bytes, input, input_len); |
| 66 | last_block.bytes[7] = orig_input_len & 0xff; |
| 67 | |
| 68 | v[3] ^= last_block.word; |
| 69 | siphash_round(v); |
| 70 | siphash_round(v); |
| 71 | v[0] ^= last_block.word; |
| 72 | |
| 73 | v[2] ^= 0xff; |
| 74 | siphash_round(v); |
| 75 | siphash_round(v); |
| 76 | siphash_round(v); |
| 77 | siphash_round(v); |
| 78 | |
| 79 | return v[0] ^ v[1] ^ v[2] ^ v[3]; |
| 80 | } |